Apple Denies FBI Had Access To UDIDs

First time accepted submitter WIn5t0n writes "Just a day after the alleged leak of 12million Apple UDID's, both Apple and FBI have denied the story that Anonymous, a global hacking community, gained access to the files by hacking into an FBI laptop through a Java vulnerability. Earlier this morning the FBI claimed that, even though the agent cited in Anonymous's story is an actual FBI operative, neither he nor anyone else in the agency has or has had access to Apple device information. This afternoon Apple followed up on the FBI's statement, with an unidentified Apple representative claiming that, 'The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization.' It should also be noted that while the hackers claim to have accessed 12 million UDID's, only 1 million were publicly released. The Apple representative who made the previous statements also said that, 'Apple has replaced the types of identifiers the hackers appear to have gotten and will be discontinuing their use.' Even though neither Anonymous nor the FBI/APPLE will admit where the data actually came from, it does appear that at least some of the leaked UDID's are legit and can be tied back to current, privately owned devices. So far no information besides the devices UDID, DevToken ID, and device name has been released, however the original hackers claimed that some devices were tied to details as exact as phone numbers and billing addresses."

From the paranoid....

[Anonymous Coward]

Of course that is what they would say.

You are not allowed to say one way or the other if you have a National Security letter (demand) issued...

Where DID they come from then.

[MrDoh!]

Someone's not being truthful about all this. Scary that my first thoughts are Apple and the FBI first over anonymous hackers! So they've got a million from /somewhere/ then. If not the FBI, next logical guess would be Apple, where else could they be from? (maybe a carrier? Are they all on the same network I wonder?)

Re:But Anonymous has?

[MBCook]

Or, it could simply mean that the FBI didn't get the information from Apple, but from some 3rd party.

Easy to get UDID's

[SuperKendall]

So Apple says that the FBI doesn't have access to UDIDs but a bunch of script kiddies do?

Yes, that's in fact very easy to believe. All it would take is for the script kiddies to break into some server of an app that used UDID's for tracking users logged into an application that transmitted UDID's to the server as a kind of cookie... many developers used to do that, which is why Apple stopped allowing UDID's to be used by developers. It's really easy to believe a script kiddie stumbled on to such a list on some server.

The FBI wouldn't have a lit of UDID's unless they had some kind of official request for them, but then why only 12 million? Why would they be on a laptop instead of back in some server somewhere? I have no doubt the FBI could get such a list if they had a reason to, but really the UDID is of such little use to do anything with why would they?

In the end the thing that makes me doubt the source, the number of devices in the list is pretty small compared to the number of devices around, but is just about right to be the records from some application using the UDID as weak authentication...

Re:But Anonymous has?

[AK Marc]

the FBI got it from Anonymous. Somewhere, a catch-22 just died.

Re:But Anonymous has?

[tooyoung]

or do Apple's PR people have an IQ matching the number of buttons on the magic mouse?

Wait a minute...the magic mouse doesn't have buttons...

For what?

[SuperKendall]

If these files had anything of any use to anyone, I would be suspicious right there with you.

But these files are basically useless. For around a year now applications cannot eve access the UDID or submissions to the app store will be blocked. In iOS6 it's totally blocked. That's the thing in the end that convinces me the FBI is not involved, because this data is of no real use to them at all, not even for keeping tabs of future mobile device use. And again, the number of devices they have here also makes very little sense in terms of being something the FBI would have collected - the FBI should have a complete list of hundreds of millions of devices, not just 12 million.

When things are confused, the simplest answer is usually correct. There is no simple answer as to how they were obtained from an FBI laptop or why the FBI would have such a pointless list of data, whereas anon skimming these files off some hapless server IS a very simple aswer as to how they have this data.

If it had names & addresses & SSN for everyone, then I'd start wondering. But this scattershot file of mostly useless identifiers is just pointless to risk the furor of Congress (who they will have to answer to if lying) to acquire.

Re:iOS6

[Anonymous Coward]

I still don't understand why they can't just generate a UDID per device per app—but always the same. Would solve some of the worse problems without affecting convenience that much.

Apple trying to fix a NON DENIAL

[Anonymous Coward]

The actual official press release from the FBI, the only statement that matters, didn't deny it, it says "at this time there is no evidence". It was a non denial denial. Apple are simply trying to fix the non-denial denial.

But I agree with you, it is likely a rogue app, or an App with a very bad EULA captured the data. It is also likely the FBI got it as part of an investigation into that app.

Now they should try to match up the common app and then we will know more.